Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

Frequent Slashdot contributor Bennett Haselton contributes the following piece on trying to get some measure of satisfaction in the struggle against pop-up ads, writing
"The most annoying thing about some pop-up ads, is that you have no way of knowing which ad-serving network served them or who the responsible parties are. Could we reduce the incidence of illegal or deceptive pop-up ads, by giving users an easier way to trace their origin and figure out where to send complaints? Here's one way to do it with a simple right-click."
Read on for the rest.

Occasionally while I'm surfing the web and a pop-up ad opens, my Norton
Anti-Virus will alert me that it blocked an "attack" on my computer,
and then in Norton's logs of recently blocked attacks, it gives the URL
of the content inside the pop-up ad that was blocked.
Sometimes it indicates whether the "threat" was blocked under the
category "scareware" (an ad that mimics a program scanning your PC for
viruses and then claiming to find "infections," which you have to remove
by purchasing the advertiser's software) or "malware" (an advertiser's
page that tries to infect your computer directly by using JavaScript
tricks to get around the browser's security features). I'm glad that
Norton blocks the malware attacks, since even though I always have all the
latest security patches installed for Internet Explorer, it's always possible
that an attacker could be using an exploit that hasn't been patched yet.
I don't really care about blocking the "scareware" ads, because I'm not going
to fall for an ad that claims to be scanning my PC for viruses, but most
Norton customers probably appreciate blocking those ads as well.

The problem in both cases is that it's hard even for an experienced user,
and almost impossible for a novice user, to know where to send a complaint about
the content in a pop-up window. You can usually figure out the URL of the content
in the pop-up window (just right-click the window content and pick "Properties"
in Internet Explorer or "View Page Info" in Firefox), but often the
content itself is being served from an IP address in a jurisdiction like China
or Cyprus where malicious operators are hard to shut down.
What you really want is for them to stop serving their dangerous ads on reputable
websites through the ad network.
You could complain to the owner
of the website that you're browsing, and say that a pop-up ad window from their site got blocked
by Norton as a "virus," but if their site rotates ads from different providers,
the site owner would have no way of knowing which advertising network served the
ad. Even if you know the URL of the malicious content that was in the pop-up
window, that's not enough to tell which advertising network it was served from
(because ad networks typically don't serve the ads from their own domain; they
just serve a redirect, which causes the browser to load the pop-up ad's contents from
the advertiser's domain).

And even if you know which advertiser network served
the ad, and the URL that the malicious pop-up content was served from
(say, http://www.evilsite.cn/popup.html), so you can take your
complaint directly to the advertising network, that may still not be enough information
for them to figure out which of their advertisers served the malicious content and
needs to be booted out of the network. Because all the advertiser network has is a
list of ad pages for their different advertisers (http://www.advertiser-1.com/ad.html,
http://www.adveritser-2.com/ad.html, etc.) — the advertiser buys the right to show ads,
and the ad network displays ads that load content from those ad content pages.
If one of those pages — say, http://www.adveritser-2.com/ad.html — redirects the
user's browser to http://www.evilsite.cn/popup.html, the advertiser network has no way
of knowing which advertiser is doing that. They would have to go through and check
the ad-serving pages (http://www.advertiser-1.com/ad.html, http://www.adveritser-2.com/ad.html,
and so one one at a time)
for each of their advertisers, to see which of those pages redirect to
http://www.evilsite.cn/popup.html — and by the time they do that, the advertiser might have altered
the page so that it no longer redirects to the malicious content. While it's pretty
straightforward to figure out what URL the malicious content is being loaded from, it's
very difficult to figure out the chain of events that redirected you there, and who the
responsible parties are.

So here's an idea for a simple browser feature that would make it a lot easier to hold
malicious advertisers accountable, and get them kicked out of honest ad-serving networks.
Simply give the user a way to right-click on the top
of a browser window, and pick "View window origin" or something similar. This would
display the sequence of redirects that opened the window, something like this:

Then, if the user views an ad that is obviously scareware (or if Norton blocks the contents from
loading and gives that as a reason), then the user can just right-click on the window and see
the list of redirects. The user could then e-mail that to the website owner with a suggestion to do
something about it ("The ad network on your page, has been infiltrated by an advertiser who is
using the ad network to serve malicious content"), or the user could take the complaint to
the advertiser network. The advertiser network would be able to see from the log, exactly which
of their advertisers' ad.html pages served the malicious content.

(Yes, this comes on the heels of my article arguing that we should allow
more intrusive ads
as a way to help pay for services that can't finance themselves with normal pop-up ads.
This may strike some people as "ironic" who haven't thought about it very carefully. Getting
users to give larger amounts of their attention in exchange for premium service, is an honest
and mutually beneficial
transaction; scaring users with deceptive ads, or using ad space to try to infect their computer,
is not. I think that Starbucks has the right to charge whatever they want for coffee;
that doesn't mean they have the right to pee in your coffee.)

In order for this window-history-tracing feature
to make a difference, at least the following two conditions also
have to be true:

The advertiser network has to be honest (honest enough to kick out advertisers who they
know are serving malicious content), or at least, be located in a jurisdiction where they
have to worry about being sued or prosecuted if they don't kick bad apples out of their
network.

When the malicious ads are served, enough users have to complain about them that the
advertiser network takes notice. You wouldn't want the advertiser network to take action
just based on a single complaint, since then anyone with a grudge could file a phony complaint
against an advertiser in order to get them shut down, but if complaints start coming in from
several sources, then they should investigate.

Fortunately, these would be likely to be true in many if not most cases where malicious pop-up
windows are being served. With regard to the first condition,
I've dealt with several advertising networks to find ads to serve
on the proxy sites that I run, and they were all based out of law-and-order countries (the U.S.,
Canada, Israel, i.e. not China or Kazahkstan). As for the second condition, the advertiser
would probably have to serve the ad to many different users in order to achieve their goal --
whether their goal is
to infect users' machines, or to get them to buy the advertiser's fake anti-virus software,
or whatever --
and as long as a fixed percentage of users viewing the malicious ads are inclined to file complaints
about them, then the more the ads are served, the more complaints will come in until the ads are
taken out of rotation.

Of course, if the URL that's actually serving the malicious content, is located in
a law-and-order country, you could always just complain to the admins of the network where the
content is being hosted. But that's likely to be less effective, since (a) the actual URLs
that I've seen serving the malicious content, usually are located in cybercrime-infested
nations like China, and (b) even if you get one of those sites shut down, the advertiser
can instantly rotate in other sites with the same content,
and make that the new URL that users are redirected to.

It is also of course true that some pop-up ads are spawned not by websites, but by malicious programs
that actually infect your machine and force your browser to display pop-up windows. If some browser
maker adopted the feature I'm suggesting, and stored a user-viewable "history" associated with
each pop-up window, then a malicious program running on your machine might even be able to spoof
the history associated with a pop-up window, so that the user would right-click on it and think
it came from http://www.cnn.com/ instead of being spawned by malware. Once the user has their
machine infected by a rogue program, nothing that any other application tells them can really
be trusted after that point. So an advertiser network would have to be careful not to take
action against an innocent third party, just based on a flood of complaints that were sent in by
people whose machines were infected by malware that spoofs the origin of the pop-up windows.
Fortunately, if the allegedly malicious ad is still in rotation, it would be easy for
the advertiser network to check the validity of the complaint, by simply going to the advertiser's
ad-content page, and seeing if it redirects to the malicious content. If it does, then you have
grounds to boot the advertiser out of the network.

(You'd want to check the page's content
from some anonymous IP address not affiliated with the advertiser network though. Otherwise,
the advertiser might try to fool the ad network people, by showing "innocent" content when
the page is loaded from the IP addresses associated with the ad network's office, and serving
the scareware content to everybody else. Just trying to think of everything here.)

I'm sure there are other counter-strategies and counter-counter-strategies that would have to
be taken into account, and kinks to be worked out, but probably not fatal to the whole idea.
If a pop-up window opens on the user's computer that is possibly illegal, it is probably a good
thing to give the user the tools to figure out where the ad came from, and which advertiser network
to complain to. Right now, the ad window just floats there, and it's maddening not to have any
way of knowing which ad-serving network put it there, or even if you can identify the ad-serving
network, which of their advertisers created the content.

The main obstacle standing in the way of a major browser maker implementing this, may be that it
doesn't bring any particular benefit to the users of that browser.
When Microsoft adds SmartScreen to
Internet Explorer, they can now claim that IE users are better-protected than users of other
browsers. On the other hand, if the Mozilla Foundation adds the pop-up window right-click-history
feature to their browser, they can't legitimately claim that Firefox users are better
protected, since this feature wouldn't actually block anything.
Firefox users would simply be better equipped to complain about malicious
pop-up windows, and increase the chances of those rogue advertisements being taken down, or at
least kicked out of ad networks where they would do the most damage. However, the benefits
of that increased policing, would accrue to all Internet users, not just Firefox users.

Still, abuse desks get so many complaints about spam and spammers, that there are apparently
plenty of people out there who get enough satisfaction from complaining about net abuse, that
they would make use of the pop-up window-tracing feature if they had it. I know that when I
see a stupid ad pretending to "scan" my computer for viruses, I get unreasonably
disgusted, not from seeing the ad itself (which I can easily ignore), but from knowing
that the advertiser has probably fleeced people of thousands of dollars with that ad.
It would be nice to be able to help stop them before they cheat the next person.

Oh, yeah, "Flashblock". That must be those little grey boxes that I have to click on to play them, unless NoScript or AdBlock ate them first.

Occasionally, I see coworkers surfing the web on IE (we are company-bound to IE6, by the way). I look at their screens with all the boppity and the poppity and the flashity and I just wonder, how in THE HELL can they absorb any information at the web sites they are at with all those things sliding all over the place and e

Yeah, but this article is discussing the state if the industry, not how an expert user can avoid popups and other scareware/malware.
There are loads of machines out there being infected today by doing normal browsing on reputable sites. With the current industry practice of n-number of redirects through n-number of networks for 3rd party ad serving it makes it near impossible to track down those of nefarious intent on an incident level.

Once again it is not the.01% of us slashdotters that are the problem with malware infections, it is the millions of joe sixpacks that care not to go through the trouble that it takes to install and then browse with these specialized browsers and plugins.

I for one agree, something must be done; and "open letters" like this are often how the conversation starts.

And expert users are the only people who can really browse with the GP's combo. If we stuck everyone on that combo, they would be dead in the water when something breaks.

I skip noscript, only use adblock plus on slower systems (I'd like to let the sites get ad impressions, but my netbook browses so much smoother when the ads are getting blocked) and use flashblock somewhat randomly across systems. Even with flashblock alone, some sites simply can not be made to function properly without whitelisting it and reloading the page. I don't know if there are funny overlays or scripts that trigger eachother or what but sometimes the little play button just isn't enough.

The average user is not going to go around whitelisting, reloading, and otherwise troubleshooting pages.

Joe sixpack is not going to right click, and send to the website the cut and paste.

This solution is not a solution. Those who know about annoying popups have already blocked them. Those who do not know about preventing annoying popups are unlikely to right click, grab the route, and email it off to the site owner. It would effect basically nothing.

We depend on blacklists maintained by people we don't know but want our money to protect us from other people we don't know who want our money. We run crappy software (I'm looking at you, Symantec, but McAfee isn't far from my view) that slows down our computers and occasionally crashes then in an attempt to keep crappy software from slowing down our computers and occasionally crashing them. We freak out when Google knows our home address, th

I agree. For example, sometimes you want to load one particular flash object on a per instance basis while still blocking all of the rest. Flashblock allows one to pick and choose cafeteria-style which flash objects, even on an otherwise trusted site, will load and run and which ones will not. This is the sort of fine-grained and configurable control that geeks like us recognize and appreciate in our web browsing and computing experiences.

But back to TFA, I can't believe it didn't occur to Haselton that sending email to a site that has these ads is a bad idea that will probably get you on more spam lists. People who have these ads are part of the problem for a reason, and the reason is usually greed.

Your equation is missing a critical element: map known ad hostnames to your hosts file and map them to 0.0.0.0. DNS gets short circuited within localhost and immediately returns nothing. Much less work for Firefox and the aforementioned plugins.

I have ~11,000 of these in my hosts file. I don't see ads. If some new ones sneak through, I add that host. Google seems to be tricky with their analytics stuff (Urchin), have to keep an eye on it.

Actually I think Firefox + NoScript + Adblock Plus + FlashBlocker is over kill. I use Firefox with NoScript. I don't get popups, or the most annoying ads, and flash does not work unless the script is allowed.

Many people wouldn't want to deal with enabling particular scripts to view video or other bits of websites on a regular basis. I don't mind. Truth is when I saw this story I thought, "People still get popups?!?" Then I remembered a recent foray online on another PC with IE and it was nothing bu

Oh, that's easy. It comes from your need to pretend you don't feel inferior for making and sticking with a stupid choice (Windows).
Hey it's ok with me; those of us who use other OSes are used to it. Besides, lots of us make a good living off you guys. Must be a bitch for you though...

Oddly enough he actually had a book made into an HBO movie recently. It even had Jeff Bridges in it. So I guess he's still alive, although only seems to write about dogs because they'll tolerate anyone who has bacon bits.

He got into dogs and started writing books about them instead. Unfortunately, knowledgeable people in the "dog community" or whatever you call it have criticised him for killing his dogs at the first signs of illness, and for generally being a bad trainer. It's a familiar pattern - gain passing familiarity with something, pretend to be some deeply insightful authority and write about it, then retreat when things go pear-shaped (ie the Commodore 64 in Afghanistan, remember that?)

I was not aware of Roland until just before his death, and mostly just by the 'onoitsroland' tags. Slashdot's virtual service for him came to the conclusion "yeah he wasn't so bad, his submissions were blogwhoring but otherwise interesting, if quirky".

I doubt roland would have posted "Advanced users don't know about Fiddler or WireShark or localhost proxy."

This guy wouldn't use adblock though. You see, he not only supports popups in general, he actually proposes even worse ads as a good thing. This guy is a certified idiot and slashdot needs to stop giving him attention.

Huh, I fail to identify with your underlying scenario. I have the latest vanilla Firefox here (not even adblock or noscript) and it does a mighty fine job of blocking popups and letting me know if it did with a tiny bar that comes down. Now, if I didn't do something that would cause a popup on the site, I just ignore it. This works 99% of the time. The other 1% is some less than reputable video site using my "click to play" action in a Flash video to launch a popup that Firefox doesn't catch. Oh well, I make due just fine.

I'm glad that Norton blocks the malware attacks, since even though I always have all the latest security patches installed for Internet Explorer...

This would be the point in your investigative security piece (which you are delivering to a pack of highly caffenated, know-it-all, technology sector employed nerds) that you point out that you are only using this to mimic the average user's experience or you're doing this to criticize Microsoft or just that you normally use a more secure solution than this. Otherwise at best your credibility may suffer and at worse a frothing melee of insults will ensue... some possibly in Klingon delivered from a goeteed man pushing three bills. I find these to be most unpleasant experiences... both as the victim and the bystander so I wish you the best of luck and remind the audience to please be gentle.

Pop-ups in Internet Explorer? How quaint. I've forgotten what browsing in the late '90s was like since I've been using FIrefox for so long. Haven't seen a pop-up in ages. Thanks for the blast from the past.

Generally speaking, bad actors will counter any move you make. Talking about miscreants who might respond with innocent content for requests from the ad network's IP space is naive; this has been happening for years already. It is quite common to see a lot of different defenses deployed to protect the bad actors, and accurately tracking them is rarely simple. It's part of the power and part of the problem that is HTML.

To get people to buy things that use electric power instead of the alternatives that use other forms of power. For example, commercials claim the bidirectional air conditioner they call a "heat pump" is cheaper to run than a furnace when it's cold but not freezing outside. Or they might advertise in cooperation with auto makers to get people to buy plug-in electric vehicles like the 2011 Chevrolet Volt.

I mean beyond, "We're good guys. We bring you power, so you love us" when they face regulation.

ABSOLUTELY. And let the company whose product is advertised know that's the reason.

(on a side note - Slashdot has a feature to allow users to disable advertising if they have high enough Karma or something, and I haven't enabled that yet... but I'm coming close because of a few recent annoying ads and a couple popups. I'll support the site until it intrudes on my enjoyment.)

One thing I do is leave the site alone for a day so when I report it, I can tell them it was the last visit to the site. A detail like that helps when looking at logs. The hostname gives them where your located so if the add network uses locations to send adds, this will help.

part of the problem is that these sites will take real adds for real services and have them link to the real site. This helps them pass, then they push out a redirect script later or built in with a trigger to cause the redirection.

Its not often they can or take the time to track it down. But it sure feels good when they tell you they tracked it down because of your help.

I haven't seen a pop-up ad in years, but my understanding is that Google's Chrome browser handles this by keeping the pop-up inside the tab that created it. Not the full history of the page with redirects as was overly-verbosely proposed, but certainly a step in the right direction.

I had almost forgotten what a pop-up ad was. Like many of you, I have my own hosts file and I haven't even seen a pop-up in I-don't-know-when. Why doesn't the OP use one also? (No, I didn't read all TFA. Too many words.)

Some of us actually do know all about how grind vs. flow rate and temperature affect extraction, and don't over extract our coffee. Some of us even know all about roasting, what arabica is, and how to hold a conversation about the differences in acidic content between Ethiopean and Sumatra Mandheling, and how their acidity affects the flavor. We know why french roast is used in presses, italian roast is used in espresso machines, and can set a grind and extraction time which will result in perfect crema.

There are several varieties of American coffee which are exquisite. Kona and Blue Mountain are just a couple which are highly sought after.Not all of them taste like ass. It's poor roasting, brewing and dispensing practices that ruin American brewed coffee you may get in the united states. The coffee is fine. You just need to find a place that can consistently roast coffee correctly, then grind and brew it yourself or go to a coffee house that does it right. Chances are you are better off doing it yourself.

I think your statement should more accurately read "Most americans don't know how to brew and serve coffee". The American coffee itself is not usually the problem.

Totally off topic, Starbuck's CEO has flat out stated they aren't in the coffee business, they are in the dairy business. They make their coffee taste like such crap, the only way you can drink it is as a caramel frapamochachino loaded with milk. "Coffee" being just one of the many flavors you can buy with Starbuck's milk products.

Here's a solution, don't patronize any site that uses those types of advertisements. There is NOTHING on the site you can't get elsewhere with less crap. NOTHING.

I don't go to sites that have crap splashing all over my screen. I'll do without thank you very much. If a site expects me to use IE, I won't go. If a site wants to bombard me with flash for no reason other than to look...well flashy, then I won't go. If a site wants to use javascript to do all sorts of stupid stuff to "look pretty", then it isn't getting me to visit again.

If you go away, and don't return, and you find sites that give you what you want without all the crapware pieces then they will learn. As for idiots who don't understand, stupid should hurt.

Here's a solution, don't patronize any site that uses those types of advertisements.

Ah, another popunder site! How quaint. Frankly the font choice of Comic Sans, though an amusing display of off-off-off-Google metatextual awareness, is a little pedestrian and the rollovers lack a certain... finesse, and really, flashing purple highlights in 2010? It's like they've never even seen the Apple spring collections! refreshingly naive, but at least the web designer is out there getting experience, and that's what really matters for young things today. I look forward to seeing future productions f

It's convenient that you can block ads in web browsers. That may be on the way out.

You can't block ads on the iPad. One of the "advantages" being touted to advertisers [clickz.com] for the closed ecosystems of the various "ereaders" and "pads" is that they can have unblockable, unskippable ads. There hasn't been much about this in the popular press yet, but it's being of great interest in the advertising community, where more "control over the user experience", and less control by the user, is desired.

You can already see a trend in this direction, with Flash-based video players which insert unskippable ads.

I'd say a large fraction of this audience won't buy an iPad, just for starters. For another, I suspect a fair number who do buy them will also jailbreak them and recover their control over their own device. Call me crazy...

Regardless, it will be a very long time, even in Internet time, before the majority of devices used to read web pages aren't full-fledged PCs.

I'm glad that Norton blocks the malware attacks, since even though I always have all the latest security patches installed for Internet Explorer, it's always possible that an attacker could be using an exploit that hasn't been patched yet.

Does this make sense to anyone who's really thought this through?

What magic does Symantec use that blocks unknown exploits? Or are you saying you update Norton AV hourly, and Internet Explorer only bi-annually?

I know that when I see a stupid ad pretending to "scan" my computer for viruses, I get unreasonably disgusted, not from seeing the ad itself (which I can easily ignore), but from knowing that the advertiser has probably fleeced people of thousands of dollars with that ad.

Ethics aside, those "scanning" ads are really quite ingenious for their ability to elicit a true "what the fuck" reaction when first encountered.

I am far more offended by that "lose belly fat" ad that AdSense drops seemingly everywhere...knowing that someone sat down and actually produced that uninspired elementary school-looking advertisement blows my mind. Moreover, it has been running for ages, so you know it is generating all sorts of clicks.

1- don't write wall of texts detailing how out of it you are2- use a HOSTS file, solves 90% of problems. Good one here: http://www.fanboy.co.nz/adblock/opera/ [fanboy.co.nz]3- use any browser that can block popups/flash/jscript. I personally use Opera.

I See a time when pop-up adsor Help files are no longer neededon wEb sites and we can just thinkto Control our web browsers.I Am a firm beliver that this will happenaNd look forward to it.IrRational advetisers are the source of pop ups.To Educate people on how to browse is essential.My bAit and switch idea for spammers should be effective.Is buDding technology out there going to solve thisOr sYstems of control needed in meat space versus cyberspace?As COntrols advance into HTML-5 how can we combat the Pop-U

What the F#$%.
Are we practicing for April Fools. Is that it?
I mean I hate the way that with MS you have to press 2 buttons to shutdown your computer. You know I press shutdown and I it asks me if I want to Restart, or Shutdown. I mean really now, why can't I just press the button that says shutdown and the f$%^ing thing just shuts down.
Oh, sorry. Did I digress? Oh, excuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuussssssssssssssssssse me. Yeah, we got that viscous popup issue that everyone seems to have figured out the solution to, except "The Last Retard" (TLR @copyright JumpDrive). But I did happen to notice there were more than one of you, that had to jump into this, thinking this was an issue the cyber police should handle, you being one of it's elite members using IE and Norton.
I mean Jeeeesus H. Christ, WE ARE TECHNICAL GURUS, WE HAVE IMPORTANT SHIT TO DISCUSS. What would happen if we got distracted and missed an update on the latest splash screen changes on a linux distribution? And dam it man, there could be a game that is or isn't going to be produced? What if somebody had heard a rumor about "Duke Nukem Forever" coming out in 1Q of 2011? Holy shit, the force is definitely not with you.

Amen to alot you said. Yeah, people are going on and on about adblock (which I use, and is great) but I still think you made some good points regardless. As the internet is growing up, we need more and more simple ways for the average browser to educate himself (where did this ad come from?) and be able to send that information to the host. Maybe today its feasible for the host to try to manage himself, but the internet is only going to get bigger and bigger.

Advertisements are, by their very nature, not the least bit inclined to honesty.

Even if you could get users to agree to devote more eyeball time to, or simply abide, the more intrusive ads, you're still subjecting them to a flood of stuff they a) didn't ask for, or b) didn't want to see.

Remember, it was an advertiser that dreamed up the offensive popups; it was an advertiser that came up with the idea of spam; it was an advertiser that thought robo-dialers were a good thing. In fact, I can't think of any recent advertising advance that hasn't been intrusive, or invasive in some form or another.

Advertisers need to get off the high horse of "the world can't exist without us" and re-evaluate their entire approach to customer relations. Advertisers do not have a right to exist simply because they can create sales. If an advertiser chooses a business model using approaches that are hostile to a consumer's life experience, they should expect nothing more than a welcome to the world of Darwinian economics. Advertisers need to stop bitching about "why the customers won't do things our way..." and make a god-damned effort to communicate instead of dictate.

Ads are being served to users that do not want them - but the advertisers are paying. Who exactly is the customer here? The end user viewing the ad or the advertiser? What the poster missed here is that there are four players here:

The advertiser with malicious or misleading content.

The ad purveyor who is collecting money from the advertiser for putting ads up on web sites.

The web site operator who is getting paid to have ads displayed to visitors.

Finally, the end user viewing the ad.

OK, so who is in control of what here? Well, the web site operator is selling "time" or "visitors" and might like to exhert some kind of control over the ads but isn't offered any such control. Try convincing Google that you do not want to see any ads for multi-level marketing scams on your web site. Go ahead, try. No good, huh? No, you don't have much control - maybe you can say no to "adult" ads.

The ad purveyor has complete control, but they are being paid plenty to post ads. All kinds of ads. They are heavily isolated from the end user, such that even if the end user finds out the CEOs phone number what exactly are they going to do? The end user is not paying the ad purveyor - the advertiser is.

You will never find the advertiser to complain, and even if you did it wouldn't matter. If you are going to advertise on the Internet you have to be immune to complaints. Someone is going to complain all the time. And it doesn't matter because the end user has no control whatsoever.

Sure, the end user can annoy the web site operator - who, by the way, is getting paid plenty to sit and take the complaints and do nothing. Even if the web site operator wanted to do something they have no control. They have two choices - stop advertising and stop the flow of money, or ignore the complaints. The "threat" of moving to a different advertising purveyor is hollow - there are no "different" or "better" purveyors - just those that pay less. The object here for the web site operator is to get as much for their "product" (visitors seeing ads) as possible. End user complaints have no meaning unless you have four visitors that just keep coming back.

Oh, and the advertiser just doesn't care what anyone thinks about this process. After all, they are the ones pushing misleading or harmful content, right?

It is all about control, power and relationships. If you don't understand that you need to sit down and think this stuff through. The Internet today is a fundamentally abusive relationship for the end user. They are the "bottom boys" being dominated and get to take whatever is coming their way. Don't like it? Try a different browser that (hopefully) blocks ads better. If you visit web sites where there are ads, you are going to be subjected to ads - abusive, misleading and harmful ads. Your ability to affect this is small indeed - you can try to block the stream of ads coming your way or you can avoid the more heavily ad-laden web sites.

No, you fucking plebeian. Bennet Hasselton has two last names, and both of them are extra snooty, therefore you will read all of Bennet Hasselton's exquisitely crafted prose and you will like it. A genius like this is doing us all a service by sharing his wisdom, so get out a spoon and eat that shit up.

Parent is not a troll. There's two huge red flags that popped up right at the beginning of TFS:

One, he's using Norton, which anybody knows is ripe for ridicule in this particular forum.

Two, as has and will be mentioned numerous times, Noscript, adblock, etc. make all this very academic (which, I know, is the point of Bennet's writings here, to explore concepts in theory).

So while I'm sure his opinion is interesting to whatever eggheads here like to digest his cromulent but otherwise semantic ramblings, the rest of us will do pretty much what parent has done and say "who gives a fuck?"

For someone who calls himself an experienced user and has shown at least some level of technical competence in the past, I don't think Bennett Haselton uses IE and Norton because he thinks they're good. It could be a work computer or a test machine (nowhere does he state whether its his own personal computer or a work computer).

I think what he's saying makes a good bit of sense (for once). A feature like this would be really useful, especially for the less technically minded users. Combining it with a datab

From what the article was saying, these ads tried to compromise his computer and Norton (Oh god, what idiot still uses Norton?) blocked the attack. An attempted compromise would fall under the umbrella of the previously mentioned act and be criminally punishable in the USA. If the ad was served from some other country, probably the best that could be done would be to get the ad pulled from the ad network, which would stop future attacks from that particular ad.

Well, because Bennett Haselton is the Internet's Most Savvy Great-Grandpa! In fact, he just upgraded himself from Earthlink to a DSL connection ALL BY HIMSELF! He did have to spend some time on the phone with the tech figuring how how to get his TCP/IP setting set properly in Windows 98 though.